search cancel

PAMSC/PIM All: PROGRAM class block run after update application.

book

Article ID: 214544

calendar_today

Updated On:

Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

PROGRAM class is defined without flags.
For example,
  editres PROGRAM ('/Full/path/to/app') defaccess(EXECUTE) owner('nobody')

After upgrade this application, this app blocks to run as untrusted.
In audit log:
D MMM YYYY hh:mm:ss D PROGRAM      user01       Exec      250  2 /Full/path/to/app /usr/bin/bash        srchost

Why this command is blocked although user does not set flag?

Cause

After defined this rule, editres PROGRAM ('/Full/path/to/app') defaccess(EXECUTE) owner('nobody')
flags set as all as default.

ata for PROGRAM '/Full/path/to/app'
 -----------------------------------------------------------
Defaccess         : X
...
Trusted Pgm Info  : Mtime, Ctime, Mode, Size, Device, Inode, Crc, Sha1, Sha256, Sha384, Sha512, Owner, Group

Then, when app is updated, it checking by PAMSC and set untrust.
So, it blocked to run with setting as blockrun. 

Environment

Release : 14.1

Component : PAM SERVER CONTROL ENDPOINT UNIX/LINUX

Resolution

if you want to skip this check, rule is defined with flags(none).

editres PROGRAM ('/Full/path/to/app') defaccess(EXECUTE) owner('nobody') flags(none)